The implementation may provide a form where user can type in a doc id to delete or a lucene query
if it is a POST so be it. But let us have the functionality --Noble On Thu, Jun 19, 2008 at 2:40 AM, Craig McClanahan <[EMAIL PROTECTED]> wrote: > On Wed, Jun 18, 2008 at 1:55 PM, JLIST <[EMAIL PROTECTED]> wrote: >> >> Sounds like web designer's fault. No permission check and no >> confirmation for deletion? >> > > Nope ... application designer's fault for misusing the web. Allowing > deletes on a GET violates HTTP/1.1 requirements (not just RESTful > ones) that GET requests not have side effects, so an app that works > that way is going to mess up when HTTP caching is in use ... as lots > of people found to their chagrin when they installed Google Desktop's > caching capabilities, and the cache played by the standard HTTP rules > (GETs are supposed to be idempotent, having no side effects, so it's > just fine to issue the same GET as many times as desired. > > If you want an easy way to do deletes from a browser, just set up a > little form that does a POST and includes the id of the document you > want to delete. Then you're playing by the rules, and won't make a > fool of yourself when crawlers or caches interact with your > application. > > Craig McClanahan > >>> Never, never delete with a GET. The Ultraseek spider deleted 20K >>> docments on an intranet once because they gave it admin perms and >>> it followed the "delete this page" link on every page. >> >> >> > -- --Noble Paul